climateprediction.net home page
Security

Security

Message boards : Cafe CPDN : Security
Message board moderation

To post messages, you must log in.

AuthorMessage
old_user97614

Send message
Joined: 10 Sep 05
Posts: 1
Credit: 595
RAC: 0
Message 16053 - Posted: 16 Sep 2005, 12:57:29 UTC

What we all well meaning participants have for safeguards against private data collection from our computer by any misled or deteriorated operative of the project core team?
ID: 16053 · Report as offensive     Reply Quote
Profile Andrew Hingston
Volunteer moderator

Send message
Joined: 17 Aug 04
Posts: 753
Credit: 9,804,700
RAC: 0
Message 16060 - Posted: 16 Sep 2005, 13:54:48 UTC
Last modified: 16 Sep 2005, 13:55:34 UTC

There are two parts to the software.

BOINC, the part that communicates with the outside world, is open source and many different people around the world contribute to it. My understanding is that it would not be possible to hide code in there that would gather information of the sort you are concerned about.

As for CPDN, and the other projects, the answer is that the files that are sent back are identifiable and their purpose is known (in the case of CPDN, there are ways of viewing their content using the visualisation programs for example).

The other safeguard is that CPDN is run by the University of Oxford and subject to the ethical, academic and professional standards of that institution. There are a number of team members and anything odd would also be spotted by them. Obviously, in joining projects each of us has to make his or her own judgement on whether the purpose is worthwhile, and the people behind it to be trusted, but that is a good reason for backing projects like this one.
ID: 16060 · Report as offensive     Reply Quote
crandles
Volunteer moderator

Send message
Joined: 16 Oct 04
Posts: 692
Credit: 277,679
RAC: 0
Message 16061 - Posted: 16 Sep 2005, 14:31:19 UTC
Last modified: 16 Sep 2005, 14:31:33 UTC

You may also want to note the following answer from one of the FAQ\'s:

<quote>Will you sell my email address or other data?
Never! We\'re interested in your email address only so we can contact you when the climateprediction.net client is ready for distribution and to keep you informed of the project\'s progress. We shall use your username only to customise the information on our website, User Portal and in various statistics.
</quote>

There is also <a href=\"http://boinc-doc.net/boinc-wiki/index.php?title=BOINC_FAQ:_Security\">this from the wiki</a>
Visit BOINC WIKI for help

And join BOINC Synergy for all the news in one place.
ID: 16061 · Report as offensive     Reply Quote
old_user23880
Volunteer tester

Send message
Joined: 10 Oct 04
Posts: 223
Credit: 4,664
RAC: 0
Message 16078 - Posted: 16 Sep 2005, 23:31:00 UTC

In addition, some of us have met members of the climate research team and the computer guys from Oxford. They post on these forums. Their biggest recommendation is that they are not anonymous.
__________________________________________________

ID: 16078 · Report as offensive     Reply Quote
old_user1
Avatar

Send message
Joined: 5 Aug 04
Posts: 907
Credit: 299,864
RAC: 0
Message 16092 - Posted: 18 Sep 2005, 10:54:52 UTC - in response to Message 16053.  

What we all well meaning participants have for safeguards against private data collection from our computer by any misled or deteriorated operative of the project core team?


well we may be \"misled or deteriorated\" (that\'s a joke!) but all we collect is the CPDN data (either via trickles or file/intermediate file uploads). Security is something we take seriously, which is why old CPDN used https:// for all transactions (makes it a lot tougher for a \"man in the middle\" to intercept packets). And similarly I just refactored the network layer of BOINC to use libcurl (a la \"old CPDN\") and allow for BOINC projects to have https:// websites.

I suppose the best way to ensure that there is nothing odd going on is to make all the source code available, but unfortunately the climate model is proprietary and the Met Office wouldn\'t like us handing out this code! I was toying with the idea of just making the C++ code public (there\'s only one MetOffice file which is in C, the rest is Fortran), since it\'s setup now that we just link against a Fortran library of MetOffice code (since that rarely changes). But then again, I suppose people could just claim or worry that we have \"evil functions that do bad things\" hidden away in the Fortran lib.
ID: 16092 · Report as offensive     Reply Quote
old_user23880
Volunteer tester

Send message
Joined: 10 Oct 04
Posts: 223
Credit: 4,664
RAC: 0
Message 16114 - Posted: 18 Sep 2005, 22:06:58 UTC
Last modified: 18 Sep 2005, 22:07:23 UTC

I like the new avatar, Carl. Almost as many spires as Oxford.
__________________________________________________

ID: 16114 · Report as offensive     Reply Quote
Profile old_user28658
Avatar

Send message
Joined: 5 Nov 04
Posts: 17
Credit: 85,526
RAC: 0
Message 16116 - Posted: 18 Sep 2005, 22:46:21 UTC
Last modified: 18 Sep 2005, 22:50:09 UTC

Edit: Unneccessary, didnt read your post properly, Carl :)
ID: 16116 · Report as offensive     Reply Quote

Message boards : Cafe CPDN : Security

©2024 climateprediction.net